📦

crystal_reports

Vendor: businessobjects

Actively Exploited 0 CISA KEV List

PoC / Exploits 3 Code Available

Total RCEs 3 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 20.03% Exploit Prob.

Latest CVE CVE-2020-6208 Mar 10

Security Vulnerability Index

Page 1 / 1

8.2 CVSS

CVE-2020-6208

RCE

SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.

EPSS: 2.60%

Severity: HIGH

Mar 10, 2020

9.8 CVSS

CVE-2019-0285

Exploit Found

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.

EPSS: 7.28%

Severity: CRITICAL

Apr 10, 2019

8.8 CVSS

CVE-2018-2427

RCE

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.

EPSS: 0.64%

Severity: HIGH

Jul 10, 2018

6.8 CVSS

CVE-2014-5506

RCE

Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.

EPSS: 2.08%

Severity: MEDIUM

Sep 04, 2014

6.8 CVSS

CVE-2014-5505

Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.

EPSS: 6.50%

Severity: MEDIUM

Sep 04, 2014

9.3 CVSS

CVE-2010-2590

Exploit Found

Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.

EPSS: 78.97%

Severity: HIGH

Dec 22, 2010

10.0 CVSS

CVE-2010-3032

Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.

EPSS: 25.56%

Severity: HIGH

Aug 17, 2010

7.5 CVSS

CVE-2004-0204

Exploit Found

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

EPSS: 75.37%

Severity: HIGH

Aug 06, 2004

5.0 CVSS

CVE-2004-1981

The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.

EPSS: 0.65%

Severity: MEDIUM

May 02, 2004

7.5 CVSS

CVE-2001-1464

Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.

EPSS: 0.69%

Severity: HIGH

Jan 10, 2001

Displaying 10 of 3 Total Entries

Total 1 Sections